void setupAppBasePath(const std::string &pkgId, const std::string &basePath);
/**
+ * Changes Smack label on path to enable private sharing
+ *
+ * @param pkgId[in] package identifier
+ * @param path[in] path
+ */
+void setupSharedPrivatePath(const std::string &pkgId, const std::string &path);
+
+/**
* Generates application name for a label fetched from Cynara
*
* @param[in] label string to fetch application name for
std::string generatePkgROLabel(const std::string &pkgId);
/**
+ * Generates unique label per path for private path sharing.
+ *
+ * @param[in] pkgId
+ * @param[in] path
+ * @return resulting Smack label
+ */
+std::string generateSharedPrivateLabel(const std::string &pkgId, const std::string &path);
+
+/*
+ * Generates label for trusted paths. Trusted paths are paths where all application
+ * of the same author have rw rights.
+ *
+ * @param[in] authorId
+ * @return resulting Smack label
+ */
+std::string generateAuthorLabel(const std::string &authorId);
+
+/**
* Returns smack label for given socket
*
* @param[in] socket descriptor
*/
std::string getSmackLabelFromPid(pid_t pid);
-/*
- * Generates label for trusted paths. Trusted paths are paths where all application
- * of the same author have rw rights.
+/**
+ * Returns smack label for given path
*
- * @param[in] authorId
+ * @param[in] process identifier
* @return resulting Smack label
*/
-std::string generateAuthorLabel(const std::string &authorId);
+std::string getSmackLabelFromPath(const std::string &path);
} // namespace SmackLabels
} // namespace SecurityManager
*
*/
+#include <crypt.h>
#include <sys/stat.h>
#include <sys/smack.h>
#include <sys/xattr.h>
#include <fstream>
#include <string>
#include <sstream>
+#include <algorithm>
#include <dpl/log/log.h>
#include "smack-labels.h"
#include "zone-utils.h"
+
namespace SecurityManager {
namespace SmackLabels {
pathSetSmack(pkgPath.c_str(), LABEL_FOR_APP_PUBLIC_RO_PATH, XATTR_NAME_SMACK);
}
+void setupSharedPrivatePath(const std::string &pkgId, const std::string &path) {
+ pathSetSmack(path.c_str(), generateSharedPrivateLabel(pkgId, path), XATTR_NAME_SMACK);
+}
+
std::string generateAppNameFromLabel(const std::string &label)
{
static const char prefix[] = "User::App::";
return label;
}
+std::string generateSharedPrivateLabel(const std::string &pkgId, const std::string &path) {
+ // Prefix $1$ causes crypt() to use MD5 function
+ std::string label = "User::Pkg::";
+ std::string salt = "$1$" + pkgId;
+
+ const char * cryptLabel = crypt(path.c_str(), salt.c_str());
+ if (!cryptLabel) {
+ ThrowMsg(SmackException::Base, "crypt error");
+ }
+ label += cryptLabel;
+ std::replace(label.begin(), label.end(), '/', '%');
+ if (smack_label_length(label.c_str()) <= 0)
+ ThrowMsg(SmackException::InvalidLabel, "Invalid Smack label generated from path " << path);
+ return label;
+}
+
std::string getSmackLabelFromSocket(int socketFd)
{
char *label = nullptr;
return "User::Author::" + authorId;
}
+std::string getSmackLabelFromPath(const std::string &path) {
+ char label[SMACK_LABEL_LEN];
+ ssize_t realLen;
+ if ((realLen = lgetxattr(path.c_str(), XATTR_NAME_SMACK, label, SMACK_LABEL_LEN)) < 0) {
+ ThrowMsg(SmackException::FileError, "lgetxattr failed");
+ }
+ return std::string(label, label+realLen);
+}
+
} // namespace SmackLabels
} // namespace SecurityManager